IWAN APIC-EM Application
Cisco Intelligent WAN
René and Per, Cisco DK SEs
Feb 23rd 2016
[Diagram: Cisco Intelligent WAN overview. Labels: Branch; MPLS, Internet, 3G/4G-LTE; Private Cloud, Virtual Private Cloud, Public Cloud; AVC, WAAS, PfR; Control, Management, & Automation]
Transport Independent
• Consistent operational model
• Simple provider migrations
• Scalable and modular design
• IPsec routing overlay design

Intelligent Path Control
• Dynamic Application best path based on policy
• Load balancing for full utilization of bandwidth
• Improved availability

Application Optimization
• Application visibility with performance monitoring
• Application acceleration and bandwidth optimization

Secure Connectivity
• Certified strong encryption
• Comprehensive threat defense
• Cloud Managed Security for secure direct Internet access

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM)
END-TO-END SOLUTIONS
Security
Collaboration
Services
Orchestration
IWAN
Published REST APIs
Cisco® APIC-EM Services: Network Plug and Play, Discovery, PKI (Trust Manager), Topology, Common Policy Engine
Device Abstraction Layer (SAL)
CATALYST®, ISR, ASR, WIRELESS
A New Software-Driven Platform for Solutions Development
Typical IWAN POC LAB
• Greenfield for 4000 ISR
• Data Center with ASR 1000
• Okay to use 4000 ISR or CSR 1000
[Diagram: IWAN Transport. Labels: Single Router Branch and Dual Router Branch (4000 ISR, LAN Branch, switches); MPLS; Internet; Data Center with MPLS HUB (ASR 1000), Internet HUB (ASR 1000), Master Controller (ASR 1000) and switches; IWAN APP; internal network in the data center; BGP, OSPF, EIGRP]
Possible Architectures
Data Center
1. For a lab or POC, MC can run in one of the DMVPN hubs
2. Single data center with a separate MC
3. Dual data center with primary and transit
SP links can be:
• Internet + MPLS
• Internet + Internet
Branch
1. Dual router dual links
2. Single router dual links
3. Single router single links
Monitoring
Cisco Prime Infrastructure 3.0.2+
Typical End-to-End IWAN Management
[Diagram: IWAN APP, REST APIs, Prime™ Infrastructure 3.0.2]
• Plug and play
• Secure PKI certificate automation
• IWAN CVD provisioning (DMVPN, QoS, PfR, AVC)
• Centralized business-policy definition
• Definition of application categories path preference
• Configuration archive
• End-to-end assurance
• Detailed, network-level monitoring (CPU, Mem, Interfaces)
• Day-2 monitoring for PfR, L7 app visibility, QoS
Integration with Cisco Prime Infrastructure 3.0.2 or Above
Enter your PI 3.0.2 credentials under global APIC-EM settings.
Using REST API calls, the APIC-EM will:
• Automatically add every IWAN app device to Cisco Prime™ (DMVPN hubs and branch sites)
• Start NetFlow export and allow Cisco® Prime to collect and process NetFlow data for AVC (L7 visibility), application response time (ART), QoS stats, PfRv3 monitor
• Prime also keeps a configuration archive of each device
• Configuration compliance jobs will be run by Prime on a daily basis. Detailed compliance reports are available in Prime
Overall application/site health and stats
PI 3.0 PfR Dashboard
• SP SLA summary: Reachability | loss | jitter | delay
• Number of threshold crossings over time
• PfR resolved threshold crossings/route-change events
Detailed Site View
• Link details
• Threshold Crossings
• Application or category usage over time for a given link/provider
• QoS: application at a site on a provider link
How to Add Additional Features to a Site
• Any additional features can be pushed to the router. One way is to use Cisco Prime™ to push any CLI template
• Take care when pushing new CLI commands, which may conflict with the IWAN features (like ACLs, routing, RSA keys)
• Any feature pushed by the IWAN App (listed in the previous slide) cannot be changed manually. Doing so will make the IWAN App policies become unsynchronized
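One way to screen a CLI template before pushing it from Prime, as an added example (not part of the original slides and not Cisco tooling). The feature areas are the ones the slides name (ACLs, routing, RSA keys, DMVPN, QoS, PfR, AVC); the IOS command patterns and the sample template are assumptions chosen for illustration, not a list of what the IWAN App actually manages.

```python
import re

# Feature areas come from the slides; the IOS command patterns are assumptions
# picked for illustration, not a list of what the IWAN App actually manages.
RULES = [
    ("RSA keys", r"crypto key (generate|zeroize|import) rsa\b"),
    ("ACLs", r"(ip access-list|ip access-group|access-list)\b"),
    ("routing", r"(router (bgp|ospf|eigrp)|ip route)\b"),
    ("DMVPN", r"(interface tunnel\s*\d+|crypto (ikev2|ipsec|isakmp))\b"),
    ("QoS", r"(policy-map|class-map|service-policy)\b"),
    ("PfR", r"domain\s+\S+"),
    ("AVC", r"(flow (exporter|monitor|record)|performance monitor|ip nbar)\b"),
]
COMPILED = [(name, re.compile(r"^(no\s+)?" + pat, re.I)) for name, pat in RULES]


def lint_template(text):
    """Return (line_number, feature_area, command) for every template line
    that touches a feature area the IWAN App is expected to own."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("!"):  # skip blanks and IOS comments
            continue
        for name, rx in COMPILED:
            if rx.match(line):
                findings.append((lineno, name, line))
                break
    return findings


# Constructed sample template (not from the slides).
SAMPLE = """\
! guest access and housekeeping
snmp-server location Branch-12
ip access-list extended GUEST-IN
 permit ip any any
interface GigabitEthernet0/0/2
 description Guest LAN
 ip access-group GUEST-IN in
crypto key generate rsa modulus 2048
ntp server 192.0.2.10
router ospf 10
"""

if __name__ == "__main__":
    for lineno, area, cmd in lint_template(SAMPLE):
        print(f"line {lineno}: touches {area}: {cmd}")
```

A finding means the line needs review against what the IWAN App has provisioned on that site, not that it necessarily conflicts.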
IWAN App Requirements
APIC-EM and IWAN app:
• Server: 64-bit x86
• vCPU: 6 (2.4GHz)
• RAM: 64 Gigabytes
• Disk space: 500 Gb
• Disk I/O speed: 200 Mbps
• Network adapter: 1x
• Browser: Chrome (4.3.0 or later)
Cisco IOS® Software version:
• Cisco® IOS-XE 3.16 or above; Cisco IOS-XE 3.16.1 is required for a dual data center
Data Center
• Two ASR 1000 routers for DMVPN hubs - one must be Internet. A minimum of two interfaces: one for WAN and one for LAN, management, and hub interconnect
• Hubs need to be configured with the WAN, management IP address, and with SNMP credentials before starting with the IWAN app
• One ASR 1000 master controller (in a lab/POC, the MC can run in the DMVPN hub)
• HTTPS/HTTP proxy for plug and play (no need for lab/POC)
Branch Sites
• 4000 ISR with two clouds (one must be Internet)
• 3 Gigabit interfaces (4321 ISR requires a switch module)
• The ISR must have a clean configuration, with no RSA keys
• Either dual router with dual link, or single router dual link. Single router with single link is supported, but without PfR